UK Getting tough on Computer Misuse

Current News Updates

UK Getting tough on Computer Misuse

Computer misuse takes many forms including hacking of certain types of computer, fraud, denial of service attacks and the spreading of viruses, worms, trojan horses, time bombs and other malicious code. Hackers and other ‘computer terrorists’ have the potential to cause serious disruption to organisations, businesses and individuals. It is estimated that each year in the UK computer misuse costs between £400 million and £2 billion in damage caused to computer systems.

Computer misuse has traditionally been covered by the Computer Misuse Act 1990 (CMA) which sets out two key offences:

unauthorised access to computer programs or data (i.e. hacking), together with a more serious version of the offence if the hacking is carried out with an intent to commit or facilitate further offences; and

unauthorised modification of computer material.

However, the Police and Justice Act 2006 (PJA) introduces long-awaited amendments to the CMA aimed at bringing it up to date with the latest developments in computer crime and imposing tougher penalties. These amendments are likely to come into force in the next few months.

The PJA will replace the offence of unauthorised modification of computer material with one that is wider in scope. The replacement offence imposes criminal liability on a person who:

knowingly commits an unauthorised act in relation to a computer; or

intends to perform such an act; or

is reckless as to whether he might be performing such an act.

The offence is committed where the effect of the unauthorised act is that it:

impairs the operation of any computer;

prevents or hinders access to any program or data held in any computer; or

impairs the operation of any such program or the reliability of any such data.

Those who post malware or distribute passwords on the internet with a reckless disregard for its use may be caught under the new offence. The new wording is also intended to be wide enough to catch those paying someone to commit an offence.

The PJA also introduces a new offence of obtaining, supplying or offering to supply a program or data in electronic form with the intention or in the belief that it is likely to be used to commit, or to assist in the commission of an offence. This offence places an onus on distributors of hacking tools to decide if they will be used for illegal purposes.

In addition, the PJA increases the penalties for committing computer misuse within the UK which will be punishable by fines and/or imprisonment up to 10 years depending on the type of offence.

It is hoped that these changes to the CMA will act as an additional deterrent to potential offenders. However, some IT security professionals are concerned that the law may inhibit the development of security tools for legitimate uses, but which may be viewed as potentially assisting hackers. There is also some uncertainty over whether the penalties are proportionate and a sufficient deterrent, especially given the current problems of over-crowding in UK prisons. A larger question mark remains as to what deterrents exist internationally as computer misuse often takes place on a global scale and without regard to national boundaries.